linux/meta-security.git/meta-integrity/recipes-core, branch master-nextMirror of git.yoctoproject.org/meta-security.githttps://git.enea.com/cgit/linux/meta-security.git/atom?h=master-next2024-08-01T01:10:13+00:00initramfs-framework-ima: UNPACKDIR fix2024-08-01T01:10:13+00:00Mikko Rapelimikko.rapeli@linaro.org2024-07-25T09:01:18+00:00urn:sha1:7028cd22669cefd4c328410edfa414310174280e
New poky uses UNPACKDIR instead of WORKDIR
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
recipes: WORKDIR -> UNPACKDIR transition2024-06-17T12:25:25+00:00Changqing Lichangqing.li@windriver.com2024-05-28T05:44:06+00:00urn:sha1:ceb47a8a39c4cec612db63fab573124960f52a8d
* WORKDIR -> UNPACKDIR transition
* Switch away from S = WORKDIR
Signed-off-by: Changqing Li <changqing.li@windriver.com>
[Fixed up the smack changes due to prior patch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
integrity-image-minimal: Fix IMAGE_INSTALL2024-02-20T12:40:39+00:00Leon Anavileon.anavi@konsulko.com2024-01-31T14:28:58+00:00urn:sha1:06979d554847d413cc59a219a60d3c4f6073aeed
Append to IMAGE_INSTALL rather than directly setting the variable
and does it after inheriting core-image.bbclass because in it
IMAGE_INSTALL is set with a default value CORE_IMAGE_BASE_INSTALL.
Variable CORE_IMAGE_BASE_INSTALL includes CORE_IMAGE_EXTRA_INSTALL
so the change allows adding auditd to CORE_IMAGE_EXTRA_INSTALL as
per the instructions in meta-integrity/README.md.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
integrity-image-minimal: adapt QEMU cmdline to new changes2023-05-06T11:54:09+00:00Armin Kusterakuster808@gmail.com2023-05-01T15:55:34+00:00urn:sha1:5173c71cb488d016841c797acc12a7b16a1ef786
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta-integrity: Convert to new override syntax2021-08-01T15:47:08+00:00Armin Kusterakuster808@gmail.com2021-07-29T23:32:05+00:00urn:sha1:b8554aae23cb66378866bff7d5ef6c6324fa486a
Signed-off-by: Armin Kuster <akuster808@gmail.com>
initramfs-framework-ima: introduce IMA_FORCE2021-04-12T14:07:11+00:00Ming Liuliu.ming50@gmail.com2021-04-08T18:38:14+00:00urn:sha1:076e75d5cc1fe7b43af8dcd10d8b2b18af422c84
Introduce IMA_FORCE to allow the IMA policy be applied forcely even
'no_ima' boot parameter is available.
This ensures the end users have a way to disable 'no_ima' support if
they want to, because it may expose a security risk if an attacker can
find a way to change kernel arguments, it will easily bypass rootfs
authenticity checks.
Signed-off-by: Sergio Prado <sergio.prado@toradex.com>
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
initramfs-framework-ima: let ima_enabled return 02021-02-24T04:34:51+00:00Ming Liuliu.ming50@gmail.com2021-02-20T12:18:21+00:00urn:sha1:ffab25f929d8e78a909e1a2b362c05be83dee4bf
Otherwise, ima script would not run as intended.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
initramfs-framework-ima: RDEPENDS on ima-evm-keys2021-02-24T04:34:51+00:00Ming Liuliu.ming50@gmail.com2021-02-20T12:18:18+00:00urn:sha1:52bfc654e8a48a1fcfd89ba8750021c21718f6f5
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
initramfs-framework-ima: fix a wrong path2021-02-24T04:34:51+00:00Ming Liuliu.ming50@gmail.com2021-02-20T12:18:16+00:00urn:sha1:0f34b25763de5286cb775f062942fe59eeef7f59
/etc/ima-policy > /etc/ima/ima-policy.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta-integrity: fix issues with yocto-check-layer2020-01-04T18:55:26+00:00Armin Kusterakuster808@gmail.com2019-12-22T15:43:00+00:00urn:sha1:5d629ccb542fe8ce523ea0a53d8a505552004302
[v2]
re-did solutions
Signed-off-by: Armin Kuster <akuster808@gmail.com>